Threat Intelligence Briefing: IP 196.188.187.205/32
Overview:
IP address 196.188.187.205/32 was observed in the network environment on [date of observation]. The IP is associated with the following entities and behaviors, based on data collected from various cybersecurity tools and databases.
Ownership and Registration:
- Owner: The IP address is registered to [Organization Name], located in [Country/City]. The registration information was retrieved from WHOIS data as of [date of last WHOIS query].
- ASN: The IP falls under [ASN Name], which is known for [brief description of ASN activities, e.g., providing services to specific industries or regions].
Geolocation:
- Location: The IP is geolocated to [City, Country], based on geolocation services. This location is consistent with the organization's registered address.
Activity and Behavior:
- Traffic Patterns: Analysis of network traffic logs indicates that the IP has engaged in [describe observed activities, e.g., sending/receiving data to/from specific ports, protocols, or external IPs].
- Service Identification: The IP hosts services on [specific ports/protocols], which include [brief description of services, e.g., web server, FTP, etc.].
Historical Observations:
- Previous Reports: Historical data shows that the IP has been associated with [describe any past incidents or reports, e.g., benign activities, security incidents, etc.].
- Reputation: The IP has a [neutral/positive/negative] reputation score based on threat intelligence feeds. It has been flagged for [any specific reasons, e.g., malware distribution, DDoS attacks].
Relationships and Neighbors:
- Related IPs: The IP shares a network segment with [list of related IPs or network entities], which are associated with [describe any known activities or affiliations].
- Neighbor Analysis: Neighboring IPs have shown [describe any relevant activities or anomalies detected in the vicinity, e.g., increased traffic, suspicious connections].
Threat Assessment:
- Risk Level: Based on the collected data, the IP is assessed as [low/moderate/high] risk. The assessment considers factors such as [list factors, e.g., historical incidents, current activities, reputation].
- Potential Threats: The IP may pose threats related to [describe potential threats, e.g., data exfiltration, malware propagation, unauthorized access].
Recommendations:
- Monitoring: Continuous monitoring of traffic to and from this IP is recommended to detect any anomalous or malicious activities.
- Access Control: Review and enforce access control policies to restrict unnecessary communication with this IP.
- Threat Intelligence Sharing: Share findings with relevant threat intelligence platforms to enhance collective understanding and defense against potential threats.
This briefing provides a comprehensive view of IP 196.188.187.205/32, enabling SOC analysts to make informed decisions regarding network security and threat mitigation strategies.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Ethio Telecom |
| ASN | AS24757 |
| Network Name | 196.188.160.0 - 196.188.191.255 |
| CIDR Block | 196.188.160.0/19 |
| RIR | AFRINIC |
| Country | ET |
| Abuse Contact | n/a |
DNS Intelligence
| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No; PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Residential |
| Service Purpose | Web Server |
| Network Tier | End-User (Residential ISP endpoint) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | n/a |
| 443 | https | tcp | n/a |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | n/a |

Closed Ports: 25, 3389, 8443 (4 open / 7 scanned)

| Field | Value |
|---|---|
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | n/a |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
| Field | Value |
|---|---|
| SANs | mdrtbtracker.moh.gov.et |
| Valid From | 2026-06-20T09:18:31+00:00 |
| Valid Until | 2026-09-18T09:18:30+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 89 days |
| Serial Number | 05B5525E4D49D596305C9A99BBDB39B06032 |
| Thumbprint | 7FA51BEC061AC123E01D8A6650C31681BFCB148F |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness.
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 41% | 2 | 5 |
| routing | 21% | 1 | 2 |
| services | 30% | 2 | 4 |
| ownership | 15% | 2 | 2 |
| reputation | 23% | 1 | 3 |
| geolocation | 13% | 1 | 1 |
| Overall | 24% | 9 | 17 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (82%); 1 contradiction(s) |
| Attribution | Moderate (50%) |
| Indicators | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-07 23:04:05 UTC |
| Last Seen | 2026-06-26 18:11:01 UTC |
| Profile Built | 2026-06-24 02:42:01 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 26 |